ESG Research

Abstract:

As a top investment priority for security organizations, detection and response programs are entering a significant transition as attack surface expansion and threat complexity drive the need for more comprehensive visibility, detection, and response. The extended detection and response (XDR) movement has spawned a plethora of new solution offerings capable of detecting advanced threats by aggregating, correlating, and analyzing telemetry from endpoints, networks, the cloud, and identities together with a new level of more extensive threat intelligence. What impact – if any – do IT and cybersecurity teams anticipate XDR having on their current endpoint detection and response (EDR) solutions?

Abstract:

As expanding device diversity, zero trust, and extended detection and response initiatives drive organizations to reassess endpoint security solution investments, security teams are looking to replace existing tools with more capable, converged platforms. Significant advances in Microsoft's native endpoint security prevention, detection, and response capabilities, together with attractive bundling and pricing options, have propelled a meteoric rise in the popularity of Microsoft Defender for Endpoint over the past two years. While many intend to use Defender as a core component within their endpoint security arsenal, many still plan to supplement, potentially spawning a new opportunity for other security providers to deliver specialized add-on solutions.

Abstract:

To better secure their growing attack surface, IT and security teams are thinking differently about endpoint security platforms.

Abstract:

Cybersecurity megatrends, including zero trust, XDR, a pandemic-induced increase in remote workers, and the move to public cloud, are influencing the way organizations think about endpoint security. These megatrends add new requirements for endpoint security, while necessitating new levels of integration with other core security controls. Additionally, mobile and IoT are driving massive growth in the number and diversity of devices that must be protected. To better secure their growing attack surface, IT and security teams are thinking differently about endpoint security platforms, what they must include, and how they fit into the broader security stack.

Abstract:

This Master Survey Results presentation focuses on the extension of EDR, NDR, and other security analytics solutions in support of broad threat detection and response programs via emerging XDR technology solutions.

Abstract:

DevSecOps has moved security front and center in the world of modern development; however, security and development teams are driven by different metrics, making objective alignment challenging. This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices. The move to microservices-driven architectures and the use of containers and serverless have shifted the dynamics of how developers build, test, and deploy code. As a result, a convergence of application security tools is underway. Organizations are overwhelmed with the amount of and overlap in issues raised from multiple testing tools, complicating prioritization and mitigation, so integrated application security platforms are desired.

In order to gain insight into these trends, ESG surveyed 378 IT, cybersecurity, and application development professionals at organizations in North America (US and Canada) involved with securing application development tools and processes.

Abstract:

With most organizations standardizing on cloud-delivered email in an effort to shift costs from CapEx to OpEx, many have assumed that email service providers would automatically include comprehensive security controls. Many of these same organizations found it necessary to add third-party controls either during their migration or at a later date. Many have suffered from phishing-related attacks that led to credential theft and BEC, while others faced the loss of sensitive data through both unintentional and intentional actions.

In order to gain insight into these trends, ESG surveyed 403 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing email security products, processes, and services.

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This master survey results set offers new data concerning:

• Organizational dynamics, buying behavior, and the future of email security.
• Email attacks and threat detection and response.
• Issues with sensitive data in email.
• Bolstering email security with complementary technologies and services.

Abstract:

ESG conducted an in-depth survey of 380 IT and cybersecurity professionals responsible for evaluating, purchasing, and managing endpoint security products, processes, and services. Survey participants represented midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

Survey participants represented a wide range of industries including manufacturing, financial services, healthcare, communications and media, retail, government, and business services. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Abstract:

ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between September 23, 2019 and October 2, 2019. To qualify for this survey, respondents were required to be responsible for evaluating, purchasing, and managing endpoint security technology products and services.

This Master Survey Results presentation focuses on modern endpoint security challenges, plans, and strategies to understand the drivers of endpoint security investments and how decision makers are prioritizing and timing purchase decisions.